Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp4930313pxb; Wed, 26 Jan 2022 00:32:40 -0800 (PST) X-Google-Smtp-Source: ABdhPJx1G7ap7Dd2WZ1LkrH8Om3tGxLyZz9dpzZZfdYyLgl6o9e5m1nh0gcCrvQ1wx3kCT7/HVMq X-Received: by 2002:a17:906:150c:: with SMTP id b12mr18596423ejd.284.1643185960218; Wed, 26 Jan 2022 00:32:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643185960; cv=none; d=google.com; s=arc-20160816; b=U6vVxC5lPBpDSJOYG+oP3V59PvWXOd8AjBInUG1eY3+GP0E2RN15O3oFi5DqmzM7Ha BT/g7ChosX3ADJH+PlTmtLWzebmdVVACbqzGP5tcWKaDsq+zPJMfOcq0LauMyQrDlp6f UPGQHvRbLHPA+A6jJXirFSLDi47YSA2YDp1yke6LXDHYveCA7VSMemrhbkG/dEOeYt2l 29pydwAiMzYt6YLZvSqsJkb+0bTUWjftZU4sBevMfS8oc6N7f49ixojG0jM8QjTLuUqA VA58776Csbtv0+/QOTwjSHHjKt3ZkfofREM0SBgvt1uPUi7+A5pW14STrmIu/5RaMrSr BgMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=XnOpHOntQOg5wjymzDOHXiPanYFDFvY26sbX++O0fnA=; b=igGvWY+js3wSkDCovtSHBV9eKPcho4uLZzVS2VoOJm7Y4QRtmDoTO/P9ESAsWXLDoh x9nCbHlZE2ARDSGYvZQfNFeCd7DPevjgt4/X42higkHMUbjv9Pyrm6zn3nuPqqeVDeI+ D1FhfK1yt+rqvxjIR/rrEmkNlx+1hxSyUFBLGSCEZAfjW8TlCJL9mwC/efvg1IWYPNXQ xpHMUW15MSyr9FWAWW6gnY1n1QG2yIiGHIac0h+5KgoFb5nRDOQEkAkSXKb7JnEL4LRF 18BGrAJHMQiN0MC9Z3F7A0bsZtK9lfTpERxtrHnQ3zKm1KOBUhQ9nAow+qJPJWt/LWwp GKfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=VELGeg2h; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v5si5242259edi.611.2022.01.26.00.32.04; Wed, 26 Jan 2022 00:32:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=VELGeg2h; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230476AbiAYTus (ORCPT + 99 others); Tue, 25 Jan 2022 14:50:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55686 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230435AbiAYTuq (ORCPT ); Tue, 25 Jan 2022 14:50:46 -0500 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8FE82C061744; Tue, 25 Jan 2022 11:50:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=XnOpHOntQOg5wjymzDOHXiPanYFDFvY26sbX++O0fnA=; b=VELGeg2hS4JKT8txctMPaShzdT ZaTFITxIlYbm2Uj12Qxez0OYx7e1MYq2UoZXodMrCxvGeygRgn7gKfoteE1diO3iyBZJ8KUdAXnkd eVAkqTeoOFrGj3sLsiX9+iWSotgN5NABPqUvVZLsX7KpOqjNgZ/+r6lfu3muAyMmARu6UsZ4kKGJk IUwfX9k2+58not7Pl+Jj6UBm1ZuLWYel2TbXXc/qQqvVDrr1tJEXuVK2i/LQlI0eoA+KQtMZLL+rc 82XvPYvLKUvHncE/yTFMR8MgTBVyT8p5PPrgBmYj2GxjTIvZFopD3jmNjkMNdUZk2hHBKLycT/68x dZlX6Vag==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1nCRpw-009QFo-M3; Tue, 25 Jan 2022 19:50:40 +0000 Date: Tue, 25 Jan 2022 11:50:40 -0800 From: Luis Chamberlain To: Michal Suchanek , Heiko Carstens Cc: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, Philipp Rudo , Mimi Zohar , Nayna , Rob Herring , linux-s390@vger.kernel.org, Vasily Gorbik , Lakshmi Ramasubramanian , Jessica Yu , linux-kernel@vger.kernel.org, David Howells , Christian Borntraeger , Paul Mackerras , Hari Bathini , Alexander Gordeev , linuxppc-dev@lists.ozlabs.org, Frank van der Linden , Thiago Jung Bauermann , Daniel Axtens , buendgen@de.ibm.com, Michael Ellerman , Benjamin Herrenschmidt , Christian Borntraeger , Herbert Xu , "David S. Miller" , Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , Sven Schnelle , Baoquan He , linux-security-module@vger.kernel.org Subject: Re: [PATCH v4 1/6] s390/kexec_file: Don't opencode appended signature check. Message-ID: References: <940cd6a0e88793060cdf5ddb7880c03564b38bdd.1641822505.git.msuchanek@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <940cd6a0e88793060cdf5ddb7880c03564b38bdd.1641822505.git.msuchanek@suse.de> Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jan 10, 2022 at 02:49:53PM +0100, Michal Suchanek wrote: > Module verification already implements appeded signature check. > > Reuse it for kexec_file. > > The kexec_file implementation uses EKEYREJECTED error in some cases when > there is no key and the common implementation uses ENOPKG or EBADMSG > instead. > > Signed-off-by: Michal Suchanek > Acked-by: Heiko Carstens > --- > v3: Philipp Rudo : Update the commit with note about > change of return value > --- > arch/s390/kernel/machine_kexec_file.c | 22 +++++----------------- > 1 file changed, 5 insertions(+), 17 deletions(-) > > diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c > index 8f43575a4dd3..c944d71316c7 100644 > --- a/arch/s390/kernel/machine_kexec_file.c > +++ b/arch/s390/kernel/machine_kexec_file.c > @@ -31,6 +31,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len) > const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1; > struct module_signature *ms; > unsigned long sig_len; > + int ret; > > /* Skip signature verification when not secure IPLed. */ > if (!ipl_secure_flag) > @@ -45,25 +46,12 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len) > kernel_len -= marker_len; > > ms = (void *)kernel + kernel_len - sizeof(*ms); > - kernel_len -= sizeof(*ms); > + ret = mod_check_sig(ms, kernel_len, "kexec"); > + if (ret) > + return ret; > > sig_len = be32_to_cpu(ms->sig_len); > - if (sig_len >= kernel_len) > - return -EKEYREJECTED; There is a small minor fix here, where by using mod_check_sig() now decreased the kernel_len by the sizeof(*ms). It is minor though. > - kernel_len -= sig_len; > - > - if (ms->id_type != PKEY_ID_PKCS7) > - return -EKEYREJECTED; More importantly is the return value used here changes but given the Ack by Heiko I suspect this if fine and does not break old userspace, the only change here is the possible error value returned by the kexec_file_load() system call. Reviewed-by: Luis Chamberlain Luis